Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Learn about who can sign up and trial terms here.
Applies to
Microsoft Defender for Office 365 plan 1 and plan 2
Microsoft 365 Defender
Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP). Specifically, Safe Attachments uses a virtual environment to check attachments in email messages before they're delivered to recipients (a process known as detonation).
Safe Attachments protection for email messages is controlled by Safe Attachments policies. Although there's no default Safe Attachments policy, the Built-in protection preset security policy provides Safe Attachments protection to all recipients (users who aren't defined in the Standard or Strict preset security policies or in custom Safe Attachments policies). For more information, see Preset security policies in EOP and Microsoft Defender for Office 365. You can also create Safe Attachments policies that apply to specific users, group, or domains. For instructions, see Set up Safe Attachments policies in Microsoft Defender for Office 365.
The following table describes scenarios for Safe Attachments in Microsoft 365 and Office 365 organizations that include Microsoft Defender for Office 365 (in other words, lack of licensing is never an issue in the examples).
Scenario
Result
Pat's Microsoft 365 E5 organization has no Safe Attachments policies configured.
Pat is protected by Safe Attachments due to the Built-in protection preset security policy that applies to all recipients who are not otherwise defined in Safe Attachments policies.
Lee's organization has a Safe Attachments policy that applies only to finance employees. Lee is a member of the sales department.
Lee and the rest of the sales department are protected by Safe Attachments due to the Built-in protection preset security policy that applies to all recipients who are not otherwise defined in Safe Attachments policies.
Yesterday, an admin in Jean's organization created a Safe Attachments policy that applies to all employees. Earlier today, Jean received an email message that included an attachment.
Jean is protected by Safe Attachments due to that custom Safe Attachments policy.
Typically, it takes about 30 minutes for a new policy to take effect.
Chris's organization has long-standing Safe Attachments policies for everyone in the organization. Chris receives an email that has an attachment, and then forwards the message to external recipients.
Chis is protected by Safe Attachments.
If the external recipients are in a Microsoft 365 organization, then the forwarded messages are also protected by Safe Attachments.
Safe Attachments scanning takes place in the same region where your Microsoft 365 data resides. For more information about datacenter geography, see Where is your data located?
The following features are located in the global settings of Safe Attachments policies in the Microsoft 365 Defender portal. But, these settings are enabled or disabled globally, and don't require Safe Attachments policies:
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
Safe Documents in Microsoft 365 E5
Safe Attachments policy settings
This section describes the settings in Safe Attachments policies:
Recipient filters: You need to specify the recipient conditions and exceptions that determine who the policy applies to. You can use these properties for conditions and exceptions:
Users
Groups
Domains
You can only use a condition or exception once, but the condition or exception can contain multiple values. Multiple values of the same condition or exception use OR logic (for example, <recipient1> or <recipient2>). Different conditions or exceptions use AND logic (for example, <recipient1> and <member of group 1>).
Important
Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied only to those recipients that match all of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
Users: romain@contoso.com
Groups: Executives
The policy is applied to romain@contoso.com only if he's also a member of the Executives group. If he's not a member of the group, then the policy is not applied to him.
Likewise, if you use the same recipient filter as an exception to the policy, the policy is not applied to romain@contoso.com only if he's also a member of the Executives group. If he's not a member of the group, then the policy still applies to him.
Safe Attachments unknown malware response: This setting controls the action for Safe Attachments malware scanning in email messages. The available options are described in the following table:
Option
Effect
Use when you want to:
Off
Attachments aren't scanned for malware by Safe Attachments. Messages are still scanned for malware by anti-malware protection in EOP.
Turn scanning off for selected recipients.
Prevent unnecessary delays in routing internal mail.
This option is not recommended for most users. You should only use this option to turn off Safe Attachments scanning for recipients who only receive messages from trusted senders. ZAP will not quarantine messages if Safe Attachments is turned off and a malware signal is not received. For details, see Zero-hour auto purge
Monitor
Delivers messages with attachments and then tracks what happens with detected malware.
Delivery of safe messages might be delayed due to Safe Attachments scanning.
See where detected malware goes in your organization.
Block
Prevents messages with detected malware attachments from being delivered.
Messages are quarantined. By default, only admins (not users) can review, release, or delete the messages.*
Automatically blocks future instances of the messages and attachments.
Delivery of safe messages might be delayed due to Safe Attachments scanning.
Protects your organization from repeated attacks using the same malware attachments.
This is the default value, and the recommended value in Standard and Strict preset security policies.
Replace
Note: This action will be deprecated. For more information, see MC424901.
Removes detected malware attachments.
Notifies recipients that attachments have been removed.
Messages that contain malicious attachments are quarantined. By default, only admins (not users) can review, release, or delete the messages.*
Delivery of safe messages might be delayed due to Safe Attachments scanning.
Raise visibility to recipients that attachments were removed because of detected malware.
Dynamic Delivery
Delivers messages immediately, but replaces attachments with placeholders until Safe Attachments scanning is complete.
Messages that contain malicious attachments are quarantined. By default, only admins (not users) can review, release, or delete the messages.*
For details, see the Dynamic Delivery in Safe Attachments policies section later in this article.
Avoid message delays while protecting recipients from malicious files.
*Quarantine policy: Admins can create and assign quarantine policies in Safe Attachments policies that define what users are allowed to do to quarantined messages. For more information, see Quarantine policies.
Redirect messages with detected attachments: Enable redirect and Send messages that contain blocked, monitored, or replaced attachments to the specified email address: For Block, Monitor, or Replace actions, send messages that contain malware attachments to the specified internal or external email address for analysis and investigation.
The recommendation for Standard and Strict policy settings is to enable redirection. For more information, see Safe Attachments settings.
Note
Redirection will soon be available only for the Monitor action. For more information, see MC424899.
Apply the Safe Attachments detection response if scanning can't complete (timeout or errors): The action specified by Safe Attachments unknown malware response is taken on messages even when Safe Attachments scanning can't complete. Always select this option if you select Enable redirect. Otherwise, messages might be lost.
Priority: If you create multiple policies, you can specify the order that they're applied. No two policies can have the same priority, and policy processing stops after the first policy is applied.
For more information about the order of precedence and how multiple policies are evaluated and applied, see Order and precedence of email protection.
Dynamic Delivery in Safe Attachments policies
Note
Dynamic Delivery works only for Exchange Online mailboxes.
The Dynamic Delivery action in Safe Attachments policies seeks to eliminate any email delivery delays that might be caused by Safe Attachments scanning. The body of the email message is delivered to the recipient with a placeholder for each attachment. The placeholder remains until the attachment is found to be safe, and then the attachment becomes available to open or download.
If an attachment is found to be malicious, the message is quarantined.
Most PDFs and Office documents can be previewed in safe mode while Safe Attachments scanning is underway. If an attachment is not compatible with the Dynamic Delivery previewer, the recipients will see a placeholder for the attachment until Safe Attachments scanning is complete.
If you're using a mobile device, and PDFs aren't rendering in the Dynamic Delivery previewer on your mobile device, try opening the message in Outlook on the web (formerly known as Outlook Web App) using your mobile browser.
Here are some considerations for Dynamic Delivery and forwarded messages:
If the forwarded recipient is protected by a Safe Attachments policy that uses the Dynamic Delivery option, then the recipient sees the placeholder, with the ability to preview compatible files.
If the forwarded recipient is not protected by a Safe Attachments policy, the message and attachments will be delivered without any Safe Attachments scanning or attachment placeholders.
There are scenarios where Dynamic Delivery is unable to replace attachments in messages. These scenarios include:
Messages in public folders.
Messages that are routed out of and then back into a user's mailbox using custom rules.
Messages that are moved (automatically or manually) out of cloud mailboxes to other locations, including archive folders.
Inbox rules move the message out of the Inbox into a different folder.
Deleted messages.
The user's mailbox search folder is in an error state.
Exchange Online organizations where Exclaimer is enabled. To resolve this issue, see KB4014438.
S/MIME) encrypted messages.
You configured the Dynamic Delivery action in a Safe Attachments policy, but the recipient doesn't support Dynamic Delivery (for example, the recipient is a mailbox in an on-premises Exchange organization). However, Safe Links in Microsoft Defender for Office 365 is able to scan Office file attachments that contain URLs (if Safe Links scanning of support Office apps is turned on in the applicable Safe Links policy).
Submitting files for malware analysis
If you receive a file that you want to send to Microsoft for analysis, see Submit malware and non-malware to Microsoft for analysis.
If you receive an email message (with or without an attachment) that you want to submit to Microsoft for analysis, see Report messages and files to Microsoft.
Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP).
“How to disable advanced threat protection in Office 365?” To disable ATP, sign in to https://protection.office.com and click on Threat Management, which you can find in the left navigation, then choose Policy to see existing ones. You can then indicate the policies you want to disable.
Safe Links and Safe Attachments are features of Microsoft's Office 365 Advanced Threat Protection which are designed to protect students, faculty, and staff from phishing attempts and malicious software. Safe Links works by analyzing any non-whitelisted links for known malicious sites.
Click on the arrow on the side of the file to drop down the options. Upload the file to OneDrive. Once the file is on OneDrive the settings can be edited to allow the file to be uploaded as a copy and the permissions can be changed on who can see the file.
On the Safe Attachments page, click Global settings. In the Global settings fly out that appears, go to the Protect files in SharePoint, OneDrive, and Microsoft Teams section. to turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. When you're finished, click Save.
Select Start and type "Windows Security" to search for that app. Select the Windows Security app from the search results, go to Virus & threat protection, and under Virus & threat protection settings select Manage settings. Switch Real-time protection to Off. Note that scheduled scans will continue to run.
When you receive messages with attachments, Outlook.com scans the attachments for viruses and malware using advanced detection techniques that provide a higher level of protection than the free version of Outlook.com. If Outlook.com detects a dangerous file, it will be removed so you don't accidentally open it.
The problem with compressed file types is that they disguise what's actually in the package, such as dangerous .exe files or other types of malware. Unless you're absolutely sure that someone has sent you a compressed file for a legitimate reason, don't touch any attachment with a . zip, . rar, .
A Blocked for security reasons error message appears when Gmail users try to attach certain file formats to their emails. Then the users need to find another way to send the files. Gmail blocks numerous file types primarily to stop virus attachments.
Safe Links scans incoming email for known malicious hyperlinks. Scanned URLs are rewritten or wrapped using the Microsoft standard URL prefix: https://nam01.safelinks.protection.outlook.com . After the link is rewritten, it's analyzed for potentially malicious content.
This issue happens due to temporary Internet files, cookies, and other app log files. To resolve this issue, it is recommended to remove all these files before you schedule a full scan.
On its own, it is entirely safe to disable Windows Defender. The problem arises when you disable it without providing a replacement. Make sure you have another security suite set up—and of course the onus is still on you to practice sensible safety precautions.
Why Windows 11 Virus Protection Keeps Turning Off. That built-in virus protection might get shut off or declined to run because that software conflict exists on Windows 11. Your Windows 11 PC might have installed another antivirus software running in the background.
If your virus protection is shutting off or refusing to run, it's possible that a software conflict exists on your PC. This can occur if you already have an anti-virus software running and try to install another.
Windows Defender Advanced Threat Protection (ATP) is a Microsoft security product that is designed to help enterprise-class organizations detect and respond to security threats. ATP is a preventative and post-detection, investigative response feature to Windows Defender.
Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing zero-day protection and safeguarding versus phishing and other unsafe links, in real time.
Visit your Microsoft 365 Admin Center and click "Exchange" to open the Exchange Admin Center page. Switch to classic view. Click rules, under mail flow. Create a new mail flow rule by clicking the plus symbol and selecting "Bypass spam filtering".
Microsoft Office formats like Word, PowerPoint and Excel are popular file extensions for cybercriminals to use when transmitting malware via email, accounting for 38% of phishing attacks.
Microsoft Defender Antivirus is your next-generation protection. Office 365 includes antiphishing, antispam, and antimalware protection. With your Office 365 subscription, you get premium email and calendars, Office apps, 1 TB of cloud storage (via OneDrive), and advanced security across all your devices.
Office productivity files (documents, spreadsheets, etc), text files, and other files that are not executable programs will be delivered as usual. If an Office file contains a macro or other malicious file type and has an extension of .docm, it will be blocked and won't be delivered.
One of the most dangerous types of files that hackers attach to emails is an executable file. If you open this type of file on your computer, it will almost certainly contain malicious software (also known as malware).
Many common red flags include: An incorrect sender's email address. Suspicious URLs that you can see by hovering over the link. Suspicious attachments (such as a malicious Word document or PDF)
Method 1: Use a file share to access the attachment
You might want to ask the sender to save the attachment to a server or an FTP site that you can access. Ask the sender to send you a link to the attachment on the server or FTP site. You can click the link to access the attachment and save it on your computer.
On the Attachments tab, in the Actions group, click Save As. You can also right-click the attachment, and then click Save As. To select multiple attachments, hold down the Ctrl key while clicking the attachments. To save all attachments, choose Save All Attachments.
AutoSave is a new feature available in Excel, Word, and PowerPoint for Microsoft 365 subscribers that saves your file automatically, every few seconds, as you work. AutoSave is enabled by default in Microsoft 365 when a file is stored on OneDrive, OneDrive for Business, or SharePoint Online.
Can I AutoSave to my computer? AutoSave only applies to Microsoft 365 files stored in OneDrive, but the Microsoft 365 AutoRecover feature is on by default and saves your work every 10 minutes. To view or change the AutoRecover settings, open an Microsoft 365 app, and select File > Options > Save.
One of the most common ways of transmitting computer viruses is through file attachments. To help protect you and your recipients against computer viruses, Outlook blocks the sending and receiving of certain types of files (such as .exe and certain database files) as attachments.
Gmail blocks messages that may spread viruses, like messages that include executable files or certain links. To protect your account from potential viruses and harmful software, Gmail doesn't allow you to attach: Certain types of files, including their compressed form (like . gz or .
It's possible that one of your browser extensions is limiting the functionality of Gmail. Another reason why you can't attach files in Gmail is that your browser does not support the email service. If you want to access the best experience, opt for supported browsers like Edge, Chrome, Safari, and Firefox.
You can recover messages you want and add those senders to your Safe Senders list. To remove a name from the Safe Senders List, on the Safe Senders tab of the Junk E-mail Options dialog box, click the name that you want to remove, and then click Remove.
Introduction: My name is Dean Jakubowski Ret, I am a enthusiastic, friendly, homely, handsome, zealous, brainy, elegant person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.